Kate Rohde

ITS 370

Chapter 8 Homework

Exercises:

 

1.     What can you find out about the cryptosystems and protocols in use to protect this transaction?

-        It would seem, Amazon uses the certificate method to secure their transactions. I unfortunately was unable to figure out anything more than that.

 

2.     Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.

-        Went to chargin valley soup and salve company website. They use the same method as Amazon and uses the certificate method.

 

Case Exercises:

           Discussion Questions:

 

1.     Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?

-        Charlie wasn’t exaggerating. A key length of 256 can take well over a hundred trillion years to break by the brute force method.

 

2.     Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery to avoid losing his passphrase?

-        Peter could use a PGP system or the “Pretty Good Privacy hybrid cryptosystem. Because “even when a key is compromised, the owner can issue a digitally signed key revocation certificate that updates the credentials trust bytes when the credential is next verified” (Whiteman & Mattord, p.494).

 

Ethical Decision Making:

 

Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peter’s encryption key. Suppose that Charlie had this done without policy authority and without anyone’s knowledge, including Peter’s.

 

1.     Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

-        Yes, this would be an ethical violation due to not having the okay to do so and with no policies in place. Yes, this would be illegal because he is stealing confidential information and does not have the authorization to have said information.

 

2.     Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?

-        This is not ethical because Peter does know he signed a waver to allow the company access. Lying is never ethical.